Posted
by
Soulskill
on Friday January 21, 2011 @12:50PM
from the plot-thickens dept.

An anonymous reader writes "Florian Mueller claims to have produced new evidence that he believes supports Oracle's case against Google on the copyright side of the lawsuit. Oracle originally presented one example to the court, and that file was found to have been part of older Android distributions, with an Apache license header. Mueller has just published six more files of that kind and believes the Apache Software Foundation will disown those just like the first one because those were never part of the Apache Harmony code base. Furthermore, various source files from the Sun Java Wireless Toolkit were found in the Android codebase, containing a total of 38 copyright notices that mark them as proprietary and confidential, but Google apparently published their source code regardless."

This post is proprietary and confidential. By accepting it, Slashdot agrees to not publish it to any third parties without my explicit permission. Violations of this contract will result in Commander Taco being legally bound to turn into a tunicate [wikipedia.org] for not less than 36 hour greater than the duration at which this post is made available to any unauthorized third parties.

Mueller posted a rebuttal to that also, but it seems the upshot of his argument is that the code exists in the sourcetree (which of course has been acknowledged) and that while it doesn't appear to have been actually used in Android distributions (as per the make files) since it is unit test code, Burnette can't prove that Android distributions that do use that code in some form don't exist. So it seems he his now trying to go with a 'guilty until proven innocent' argument.

Actually, all ACs are me. However I am also 93.2% of all logged in accounts too, so that doesn't help much. You may be one of the few exceptions but 'Cwix' does sound familiar, I'll have to check my list.

This is a troll because there is no evidence that Google tried to pin anyone.

Google used the Apache Software License, which is not the same as attributing the code to the Apache Foundation. Then the apache foundation felt necessary to clarify the difference and did not "disown" the code, because no one said they owned it at all. They also clarified that using the ASL is encouraged and perfectly normal.

It is a lot like finding that Windows 2k was partially built with GNU make. No wrongdoing at all. Only a tr

I'm not sure blame is the right word, however it's entirely possible that Google has a copyright assignment agreement with the ASF. If this is the case, they may simply be putting an ASF copyright header at the top of Android source files, with the assumption that people at the ASF will pick up any that are actually useful and incorporate them into their codebases. This would mean that the ASF actually does own the subset of this code that Google has the right to assign (i.e. the stuff that isn't owned by

... however it's entirely possible that Google has a copyright assignment agreement with the ASF. If this is the case, they may simply be putting an ASF copyright header at the top of Android source files, with the assumption that people at the ASF will pick up any that are actually useful and incorporate them into their codebases. This would mean that the ASF actually does own the subset of this code that Google has the right to assign...

An AC posted a header. If accurate it seems to license not assign ownership:
"Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements."

Except that as far as I've seen (troll blog post notwithstanding) Google didn't try to blame anything on anyone -- they used the Apache license. ASF independently clarified saying that the choice of Apache license does not mean that it was a part of the ASF-owned Harmony project.

From the referenced ASF blog:

Recent reports on various blogs have attributed to the ASF a number of the source files identified by Oracle as ones that they believe infringe on their copyrights. The code in question has an header that mentions Apache, and perhaps that is the source of the confusion. The code itself is using a license that is named after our foundation, is in fact the license that we ourselves use. Many others use it too, as the license was explicitly designed to allow such uses.
Even though the code in question has an Apache license, it is not part of Harmony. PolicyNodeImpl.java is simply not a Harmony class.

That's all. No "blaming" involved on Google's part. No "disowning" on ASF's part. Just one annoying blogger trying for ad impressions.

Since Slashdotters have more than once tried to dismiss this guy as some troll or just some blogger, perhaps you should do a little research. Florian Muller [wikipedia.org] is the founder of the NoSoftwarePatents [nosoftwarepatents.com] campaign, fighting the EU's directive on the patentability of computer-related inventions, which they eventually rejected. He's received several awards for his intellectual property activism and is considered one of the most influential in the field.

But yeah, because this is a potentially negative Google submission, people around here are going to attack the messenger and try to dismiss him outright, because they're biased toward pro-Linux companies like Google. This site's comment section is becoming a real trash heap.

Good for him! Seriously, I think that what he's done is great. However, it doesn't change the problems that exist with this and a couple of his other blog posts.

Neither his stance on Google nor the tone of the article have anything to do with my comment. Instead, it's based on a portion of his post being factually incorrect. So blatantly incorrect I don't see how he could have missed it -- which leads me to thinking that it was intentional.

But yeah, because this is a potentially negative Google submission, people around here are going to attack the messenger and try to dismiss him outright, because they're biased toward pro-Linux companies like Google. This site's comment section is becoming a real trash heap.

If you look at the second link, it gives an example of some code that is in the Android git repository. It does have a basic copyright notice on it, along with the words "SUN CONFIDENTIAL - DO NOT DISTRIBUTE." So Google could be in some kind of legal trouble here. They distributed code that is owned by someone else, against their wishes. HOWEVER - the damages are not likely to be very big, because Oracle is still distributing the same code for free. As far as I can tell, it's not a part of the Java source code.

Google does have serious problems with Android, mainly because Oracle owns a lot of patents relating to virtual machines. Microsoft ended up paying $700million or so because of that, for C#. It will not be easy for the Android creators to get out of it.

(Note: if you're going to reply telling me that Microsoft had to pay because they were copying Java, you are right, but please go find some links talking about Sun's other lawsuit over C# and inform yourself before replying).

Was there an actual lawsuit over this? IIRC, all that is known is that Microsoft pays a certain undisclosed amount to Sun/Oracle over some Java patents, which, supposedly, pertain to CLR - without any lawsuit (which would actually be a good hint that Sun's JVM patents are solid).

Another example of what "do no evil" really means: if Google benefits it isn't evil, right? Pretty amazing and inept theft of IP on Google's part and for being this inept and stealing so blatantly, Oracle will get billions. Shame that we Android users will have to pay for Google's theft.

Why should Android users have to pay for Google's mistakes? I'm thinking more along the lines of:

1. Google releases code that's not theirs2. Google profits massively from Android, users profit massively from Android3. Google gets caught, pays bunch of fines and whatever it needs to to be allowed to continue use of the code4. Users continue to profit, Google's profits from Android are diminished just a little bit5. The whole issue is forgotten and life goes on as Android users continue to profit

That's too bad because the Droid isn't locked. The Droid was actually pushed out by Google to Android developers. So if you were to throw a Droid down the toilet you wasted a perfectly good, unlocked, fully rootable, Android device.

1. are there any android devices to date that aren't rootable? yes maybe there are, but saying the device is rootable doesn't make it especially unique or suited for development.

2. what exactly does unlocked mean when the only droids produced are on verizon's non-standard CDMA network? you can't use a droid anywhere except verizon. and by the way, "droid" is a trademark of verizon wireless.

I believe that it goes more like this. Iif Google violated terms I believe the courts will determine the value of that violation and make Google pay. A company that refuses to license you something that you accidentally use doesn't get to determine what you will pay. Google simply has to leave it up to the courts to decide what that value is and they won't necessarily use the numbers the company says it is worth. In the case of people violating the GPL the value courts have ruled is $0. They essentially get

And you have proof of this from where? Because according to their own financial statements they say otherwise. 96.5% of their revenue comes from adsense programs and from Google-owned websites. The other 3.5% comes from "other sources" which are primarily interest off of investments.

How is open source to blame for the demise of sun? Sun just failed to utilize open source profitably. If they had tried to sell java in every market, it would have never become the standard it is today. Different management could have made a world of difference with profits from support, consultation etc.

This is a downside to hiring only really smart overachiever type employees.

Yeah, they get so caught up in creating something new, useful, or revolutionary that they often forget to pay their bribes, purchase a thought license, or even beg for permission from their masters. For shame.

How will our society ever continue on if people are allowed to just create things willy-nilly? There have to be strict legal limits, dammit! Creating new products should be like navigating a booby trapped maze blind-folded, where the slightest slip up means an excruciatingly painful death, and wher

Using the apache software license is not the same as attributing code to the apache software foundation, you know just like people is not giving their copiright to Berkeley or MIT or the GNU project... Seriously, this is the second story from this troll in a couple of days... This is not even flamebait, if so at least I could enjoy the show, instead: why post it?

Read more carefully. The license files in the headers explicitly state the ASF as the copyright holder, not just that they are licensed under the ASL 2.0. Of course, the reason for this is probably to make it easier for Google-contributed Android code to be used by the ASF, rather than to blame them for copyright violation.

This is all getting SO stupid, copying a bit of text is NOT infringment so long as fair use is not exceeded, and if the text or the idea was already written that way, shoot or throw all the STUPID corporate f**kers and lawers and throw the bodies in the Charles River, along with the Tea chests.

It's stupid, but not for the reason you suggest. Oracle's attack on Google's use of Java is based on patents. Copyright issues are peripheral and cannot prevent use of Java, they will at most further line the pockets of lawyers and require some clean room rewrites. To put it another way, copyright does not protect ideas, only the expression of them. Either Sun's expression of Java ideas is not the only one in which case a rewrite is possible, or it is the only possible expression in which case the expre

That said, the stupidest thing of all would be for Google to continue to rely solely on Java for Android while C++ is significantly more efficient and significantly less of a patent minefield. Of course there are stupid people at Google, or more accurately, people who consistently do stupid things for whatever reason (as far as I'm concerned, a stupid person) and it comes down to, who calls the shots and how stupid is he?

IMO, using Java and Linux was a brilliant strategy to get Android off the ground quickly and to have a critical mass of experienced developers from the start. However, now that it's established, Google can begin damping down the significance of Java and allow it to be more language neutral.

Movement away from total reliance on Java (or the Dalvik JVM) is already underway. It is (as of 2.3 - Gingerbread) possible to implement apps completely in C/C++ without writing any Java. http://android-developers.blogsp [blogspot.com]

It is (as of 2.3 - Gingerbread) possible to implement apps completely in C/C++ without writing any Java.

But the C++ application still runs under Java so somebody is still stupid.

That somebody is beginning to sound a lot like you.

The C++ applications run natively (as in, not on top of Java). In NDK v5, ONLY when services provided by the Dalvik JVM are needed do they go through the JNI layer. C++ apps have full native access to the linux kernel services and in effect, run ALONGSIDE the Dalvik JVM. This really provides the best of both worlds. Apps with simple user interaction that don't require high performance can stick with the simpler Java APIs, while apps that require high perfo

It is (as of 2.3 - Gingerbread) possible to implement apps completely in C/C++ without writing any Java.

But the C++ application still runs under Java so somebody is still stupid.

That somebody is beginning to sound a lot like you.

Sorry, it's not. I quote: "Of course, access to the regular Android API still requires Dalvik, and the VM is still present in native applications, operating behind the scenes".

So, months after being sued by Oracle, C++ is still joined at the hip to Java on Android. It should have been set free the next day. Stupid. Or more accurately, fucking stupid.

I don't know why I'm wasting my time responding to this because you're obviously don't know what you are talking about.

First, the NDK compiles the C/C++ code down to native ARM binaries. Yes, the VM is still in control, but the binaries run at the full speed of the processor. Accessing the standard Android API obviously still has to go through the VM via JNI for now, but as I stated, the direction of the NDK is to expose more and more services without going through the Android API. For instance, NDK r5 e

You imagine I was not fully aware of every detail you just regurgitated. The fact remains, Android still ties C++ to Java, needlessly. Which is stupid. And I am beginning to think that the same should be said of you, even though your heart is in the right place.

Daniel, you're starting to sound like the people who go on LKML and ask why the Kernel can't be rewritten in another language. I'm sure you understand that is crazy. Much like Linux's 8 million lines of code, Android is large at 11 million lines of code. All of the libraries and services a native app might use are not going to be rewritten in a point release. How else would you expect the system to work right now except as a mixed mode?

You're not going to impress me exaggerating by the difficulty of doing this or that with a computer, especially when it comes to interpreters and especially when it comes to execution environments. Conversion of large Java code bases to C++ is largely mechanical, and in this case, only a small fraction of the code needs to be converted to remove the tie between native applications and Java. Here is the reality: smart people can do stuff like that. Stupid people just bleat about the difficulty ad nauseum.

I hope that someday everything on Android is handled through kernel interfaces and native libraries

By the way, you must be aware that it already is? Java/Dalvik does all its IO including all device control by JNI calls. Exactly the same API calls a native binary makes, except twisted through the incredibly barfacious JNI API.

In Florian's paper, he points these out as Sun PROPRIETARY / CONFIDENTIAL. However, it looks like several of the sources come from Sun's mmademo, linked here [java2s.com]. In this rendition of the document, each source file's license is a permissive one by Sun (i.e., not proprietary / confidential).

The ones from microedition seem to be mentioned elsewhere under GPL [mobile-utopia.com].

Some sources seem to come from here [mobile-utopia.com], where some of the files (e.g., Control.java) have the proprietary markings, but these are interfaces. Control, for example, is an empty interface. Not sure if that affects anything.

I'm not qualified to make any sense out of this, but it seems like several of the sources Florian mentions are actually GPL'd sources with incorrect headers. There are a few trivial ones that (in the source I found) seem to be correctly marked proprietary. As much as I admire Florian's ability to grep, I think he's just found an error in some headers, not actual violations.

I'm not an expert either, but he points out that J2SE 5.0 has the "proprietary" copyright notices while 6 has GPL notices, but that 5.0 is relevant for the time. I didn't see a specific date mentioned for when the alleged violations occurred, but Google announced Android on Nov 5, 2007 (while the first handset to use it, the T-Mobile G1 aka HTC Dream, was released on Sep 23, 2008). J2SE 6 (which apparently has GPL notices) was released Dec 11, 2006 (nearly a year before Google released the first SDK for A

However, it looks like several of the sources come from Sun's mmademo, linked here [java2s.com]. In this rendition of the document, each source file's license is a permissive one by Sun (i.e., not proprietary / confidential).

Indeed, I just compared two files from the/test/mmademo/src/example/mmademo/ directory inside the MMAPI.zip file with the linked source code and indeed it seems like they are the exact same files with a different license header.

Just because the code was allegedly re-licensed under the Apache license doesn't mean Apache had anything to do with it. That would be like claiming the FSF is responsible for all code released under the GPL. As already noted, the files in question were not part of the Harmony code base, so I don't understand how anyone could see this as Google "pinning copyright violations on ASF".

Sounds like someone definitely f**ked up though.

I hope their "Unladen Swallow" project succeeds, so they can port everything to

I don't get it.
Searching the source code for words like "proprietary", "distribute", "licence", "sun" must have been the first step taken by anyone intrested in finding out more of the Oracle lawsuit.
Not to mention Oracle's investigation, hundreds of tech-savvy people must have done it the same day as the story broke. How can this be a new finding?
I mean.. he is the first person savvy enough to wield the arcane power of The Grep on ze code and post about it? Not probable. I dont get it.

Suppose I grab a copy of some of Oracle's propriety licensed source code, and change the header to attribute the copyright to me and change the date to a prior date. How can Oracle conclusively prove that they didn't steal the code from me?

For that matter, who's to say that some of Oracle's source code wasn't lifted from some other OSS project with the headers changed?

The idea that simply placing "Copyright (c) 1995, mswhippingboy" in the header of a file seems like pretty flimsy evidence either way to me

From the beginning, some others believed that the Android developers had utilized a decompiler. I read about that theory on a couple of different websites, especially reddit.com. When I looked into this case again, I downloaded a Java decompiler named JAD. And when I decompiled PolicyNodeImpl.class from J2SE 5.0, the result was pretty much the same source code as Android's PolicyNodeImpl.java code (which Oracle presented in its Exhibit J). My "PolicyNodeImpl synopsis" document shows the similarities.

I then performed the same comparison for six other files in the adjacent "acl" subdirectory. The Android versions of those files are available on the Web (Android version 2.2 aka "Froyo", Android version 3.0 aka "Gingerbread"). My synopsis PDF files document the same problem: Android contains, under the Apache license, code that is essentially just decompiled code of Oracle/Sun software that was never licensed to Apache.

Interestingly, PolicyNodeImpl.java (the file used by Oracle in its Exhibit J) appears not to have been part of the most recent Android distributions, while the six other files I identified are part of the two most recent and presently most relevant distributions: Froyo (Android 2.2) and Gingerbread (Android 2.3). That makes those files even more important than the one Oracle presented.

The old story about one decompiled class was made not quite relevant by the fact that it was not part of the OS itself, but some supporting code that is easily removed. Now, though, it turns out that vendors have shipped decompiled proprietary Sun/Oracle code on numerous Android-based devices, courtesy of Google. That will not look good in the court at all.

Tom Callaway has done tremendous work cleaning up the Chromium codebase and one of the things he found is that Google just grabs stuff without thinking [livejournal.com].

They say things like they need to fork, they can't use existing versions, they need to copy code wholesale into their codebase, etc. He's proven them wrong on those counts by systematically replacing all their half-baked crap with system libraries. They don't seem to regard licenses very highly either.

"A close look at the actual files and accompanying documentation, however, suggest that it's not a simple case of copy and paste. The infringing files are found in a compressed archive in a third-party component supplied by SONiVOX, a member of Google's Open Handset Alliance (OHA). SONiVOX, which was previously called Sonic, develops an Embedded Audio Synthesis (EAS) framework and accompanying Java API wrappers which it markets as audioINSIDE."

It's not clear how the zip file got included in the AOSP, but it's obvious that it wasn't intended to be there and isn't actually used by Android in any capacity. Android is using SONiVOX's EAS code, but doesn't use or need the MMAPI wrapper. This incident is very clearly not a case of Android stealing code from Sun or J2ME. It's a handful of test cases from an unrelated and publicly available Sun reference implementation that got uploaded by accident to AOSP in a zip archive supplied by a third party. It's a tacky mistake, but it's hardly serious or damaging. At worst, it warrants a takedown notice. It's certainly not a smoking gun as one might assume when viewing the code out of context.

Florian doesn't seem to consider the possibility that when Google acquired the files, they didn't have the "CONFIDENTIAL" notice on them. If the files were obtained as part of a larger demo or test suite released with an encompassing less-restrictive license, as appears to be the case with at least some of the files mentioned, then maybe someone other than Google (even possibly a Sun employee) scrubbed the notices accordingly. The tone of the article doesn't give Google much benefit of the doubt that these

if there's guilt, it seems that the files involved are essentially insignificant in the context of android. does that factor into damages? is guilt here all or nothing? is stealing 100 lines of stolen source code the same as 1 million? common sense would say no but of course the laws here aren't common sense.

They could have avoided this potentially damning evidence by simply having one developer review the source code

It's not damning evidence because it has nothing to do with the patents at the center of the case. However it is worth remembering that this is SCO's lawyer we're dealing with here and he will no doubt attempt to spin it into something it isn't. SCOracle.